The Future of Secure Information Sharing
Mark Kagan
August 14, 2007
Key Information Sharing Technology Trends
• Horizontal Fusion Initiative
• Identity Management and Authentication
• Multi-Level Security
• Secure Information Sharing Architecture (SISA)
• Service Oriented Architecture (SOA)
• Wikis and Blogs
The Leader: DIA
• The Defense Intelligence Agency believes that true interoperability must occur at the data level, instead of the system level
• DIA is building an SOA with a set of common data standards that will use Web services, Extensible Markup Language (XML), metadata tagging and other tools that should ease collaboration
DIA is not looking for any technology silver bullets — much of what it is doing involves IT best practices and data tagging that will allow information movement back and forth
Operation Ivy Bells
An example of “secure information sharing” until 1980, when NSA analyst Ronald Pelton walked into the Soviet embassy in Washington, DC
In a joint NSA-U.S. Navy operation beginning in 1971, U.S. submarines tapped into the undersea telephone cable that connected the Soviet submarine base at Petropavlovsk on the Kamchatka Peninsula to the Soviet Pacific Fleet headquarters on the mainland at Vladivostok
Information Sharing: Reality (Part I)
[Images: Gen. Buck Turgidson; Gen. Curtis LeMay]
Information Sharing: Reality (Part III)
[Image labels: Information; Organization]
Which one is secure?
Information Sharing? What Information? What’s the difference between Sunnis and Shi’ites?
Intelligence Sharing? Part I
“Stuff happens.”
“Freedom's untidy and free people are free to make mistakes and commit crimes and do bad things.”
Intelligence Sharing? Part II
A commander from 3rd Infantry Division observed after Operation Iraqi Freedom (OIF): “I had perfect situational awareness. What I lacked was cultural awareness. I knew where every enemy tank was dug in on the outskirts of Tallil. Only problem was, my soldiers had to fight fanatics charging on foot or in pickups and firing AK47s and RPGs. Great technical intelligence…. Wrong enemy.”
The U.S. Army did not begin to provide Middle East cultural awareness training until the spring of 2006 — three years after OIF — and only for troops who were going to be deployed in Iraq, not for troops already there
Stovepipes, Silos and Barriers
• Bureaucratic
• Institutional
• Organizational
• Psychological
• Technology
• Information
• Cultural
Gorillas in the Stovepipes
Legacy Systems and Legacy Thinking
BIOPTIC DNA
“The intelligence community does not exist except as a figment of Congressional imagination” — A very senior intelligence official Source: U.S. News & World Report, August 2, 2004
Intellectual Property?
“The creators of intelligence tend to regard it as ‘intellectual property’ and don’t want to share it. This information — even though you created it — really belongs to the nation… and you really ought to share it.”
“Everyone agrees with this, but in practice, the story is different”
Lt. Gen. Robert J. Elder, Commander, 8th Air Force and U.S. Air Force Cyber Command (Air Force Magazine, August 2007)
New Term Needed?
Knowledge Management X Information Sharing OR Knowledge Centricity*
Too Many People Don’t Want to Share
Information Sharing or…?
* Coined by Gen. Tom Hobbins, Commander, U.S. Air Forces Europe
Requirements
• Too much information
• Gatekeepers
• Different ways of doing things
• Comfort levels – ease of use
• Workload
• Value to users
• Pain points
• How does this help me to do my job better, more easily?
“Need to Know” versus “Need to Share”
Rewards vs. Punishments: For sharing / For not sharing
Management and Technology
• Implementation of new technologies
• Often done on top of existing processes, procedures, and practices
• Change management and business process reengineering — like security — must be an integral part of the solution and the architecture, not just a bolt-on
• Includes the bureaucratic, institutional, organizational, psychological, and cultural changes
• Risk management and cost-benefit analyses
• Budget cycles vs. technology cycles
Policy, Standards, Training
Change Management: Part I
“Delivering the Power of Information: Transforming the National Defense Team”
David M. Wennergren, Deputy Assistant Secretary of Defense (Information Management and Technology) and DoD Deputy Chief Information Officer
Change Management: Part II
“Delivering the Power of Information: Transforming the National Defense Team”
David M. Wennergren, Deputy Assistant Secretary of Defense (Information Management and Technology) and DoD Deputy Chief Information Officer
Summary
• Technology is “easy” — people are hard
• Solutions, not technologies
• Mission-critical goals, not organization-critical goals
• Change or eliminate processes, procedures, and practices to enable information sharing/knowledge management/knowledge centricity
• Technology and change management/BPR must be integral parts of the solution from the ground up
• Policy, policy, policy
• Standards, standards, standards
• Training, training, training
• BIOPTIC DNA (Bureaucratic – Institutional – Organizational – Psychological – Technology – Information – Cultural)
Applies to new technologies
The Reality of Government Technology Programs
• Government officials and contractors consistently underestimate:
  • Costs
  • Complexity
  • Obstacles
  • Time
• Government officials and contractors consistently:
  • Over-promise
  • Under-deliver
50% of the cost is often spent on the last 10% of performance
Scotty’s Rule
Always tell them it’s going to take twice as long as you think it will, because then they’ll think you’re a miracle worker when you do it in half the time